[148627] in cryptography@c2.net mail archive
Re: [Cryptography] Fwd: [IP] RSA Response to Media Claims Regarding
daemon@ATHENA.MIT.EDU (Kent Borg)
Mon Dec 23 10:37:35 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 23 Dec 2013 08:40:12 -0500
From: Kent Borg <kentborg@borg.org>
To: Bill Cox <waywardgeek@gmail.com>
In-Reply-To: <CAOLP8p5F0cxLtbymp83MmwJwatVaDyMhWeFTP1UF2RSffZXAKw@mail.gmail.com>
Cc: Cryptography List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 12/23/2013 12:08 AM, Bill Cox wrote:
> Does this mean RSA denies accepting $10M for making the NSA RNG the
> default in BSAFE? You did not say so in your post. So now RSA
> "categorically denies" entering into a secret contract with the NSA.
No, they didn't say that. They said they didn't "incorporate a known flawed
random number generator", they also said that they don't reveal their
contract details.

My translation of their statement:

- We are outraged our name has been smeared.
- We were following a trend, back when we assumed the NSA worked for
security.
- We only changed the default, trouble-makers looking to get fired
could still use a different RNG.
- It was the FIPS standard, so even when folks pointed out its flaws,
we hid behind NIST guidance.
- When NIST changed their tune we told customers to go figure out how
to change the default in their deployed Bsafe fobs and we started working
on this carefully worded press release.
- We won't comment on the $10 million.
- We were too stupid to have an opinion about Dual EC DRBG, we didn't
know it had any problems. Just because we have legendary initials as
our name doesn't change that we are just ignorant businessmen, honest,
we don't know any better.

Breathtaking.

-kb, the Kent who hopes he wasn't too brutal in his translation.